What is this?
Hi, my name is Tom Lazar and I'm a Plone and Zope developer based in Berlin, Germany and this is my personal and professional (no big difference, really...) website.
 

Able to connect

"Excuse me, you left the door to your car open. And the key's still in..."

Being an admin in Berlin, I get around a lot doing my job. And over the course of the past four years I've noticed a steady increase in wireless networks wherever I go. Especially since the 10.3.2 update to OS X, I often get a nice dialog window asking me whether I would like to join the untrusted network XYZ whenever I open up my trusted, AirPort-equipped PowerBook at a client's location.

And while in the beginning these networks tended to be open, increasingly they are protected. Good. But still, there will always be folks who (intentionally or not) leave their WaveLAN open and it is not uncommon to enjoy wireless internet throughout town. However, today I came across new heights of openness while sitting in a café in Mitte that - for the protection of the victim - shall remain unnamed.

After joining the automatically discovered network I found that there were no ports closed, as even ssh worked fine. I then checked which address I had been assigned (192.168.2.x) and then, just for fun, entered 192.168.2.1 into Safari and lo! and behold! I was greeted with the admin screen of a Siemens Gigaset 105... I clicked on enter without providing a password and was presented with the setup options of the router!

But it gets better. Not only did this guy neither assign a password to his network (which could be an intentional, socially motivated decision) nor to his router (inexcusable) but... yes! He hadn't deactivated guest access to his (Windows) computer either...

So, taking advantage of the newly introduced SMB browsing features of Mac OS X 10.3.3, I found an open share in the workgroup MSHEIMNETZ containing MP3s, AVIs of current movies (harmless), photos of the owner of the PC (conveniently named selfportrait.jpg) along with a text version of his email signature.

Now that I knew his name and mobile phone number I should have stopped nosing around. But I'm only human ;-) A quick Google check showed that this guy was a heavy-weight journalist, acting as head of the Berlin office of a major German TV network! And on this Windows share were not only work-related documents but his entire email archive and files named 'Umsätze 2003.xls' and 'Schwarzarbeit II.doc' and so on... Can you say juicy? (I swear, I'm not making this up!)

At this moment, luckily, the folks I was there to meet arrived and I closed my PowerBook...

After our meeting I resisted any further temptation and simply put an end to the whole thing by calling this person on his mobile. I left a message on his answering machine that I had found his network and computer wide open and that he would probably want to rectify that. Also, so as not to come across as a fraud, I left my own number, in case he had any questions. Ten minutes later I got a return call from him, thanking me for the advice. Turns out, he's a real nice guy, more thankful than irritated. I now have one public hotspot less in Mitte, but I can't say that I feel bad about it...